Unrestricted access between network segments - AWS
Description
The infrastructure definition for network segments in the AWS context is too permissive.
Impact
- Expose resources, processes and sensitive information that could be compromised. - Accept incoming or outcoming connections that should be restricted by design
Recommendation
Limit network segments, ports, IP addresses, network protocols, and administrative services only to the required users.
Threat
Anonymous attacker from Internet.
Expected Remediation Time
⏱️ 120 minutes.
Requirements
255 - Allow access only to the necessary portsFixes
Score
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
Attack vector
A
Attack complexity
H
Attack requirements
N
Privileges required
L
User interaction
N
Confidentiality (VC)
L
Integrity (VI)
N
Availability (VA)
N
Confidentiality (SC)
N
Integrity (SI)
N
Availability (SA)
N
Threat 4.0
Exploit maturity
P
Vector string
CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P